nota bene to avoid flashing a new kernel by rogue hax0r you don't need any of that cert and TPM/tivoization crap. You just need to make sure the flashing is asking for a unique password assigned to your particular device

IOW as long as yur ROM bootloader has a feature to flash new kernel but doesn't allow readout of the kernel on device, it's absolutely sufficient when you hardcode your individual unlock key for the TPM storage to your kernel before flashing it

sure somebody could run your original kernel in a virtual machine, on anelok, thus tricking you into thinking the device is still "clean". But could they *really* or is this just a theoretical attack vector that doesn't fit through the eye of the needle of your actual hardware resources?

(eew) naw, dental procedures are pretty tame nowadays. well, if you go to a capable dentist. if you choose one whose principal professional experience is with four-legged patients, you may get what you deserve :)

using C in 2014 is building a house painted with lead and lined with asbestos, and replying to the complaints of cancer and developmental delays that "omg, but there is already 1000 houses built like that, and we had a WHOLE BUCKET of lead paint, it's not like you can let that just *rot*."

people seem to have a weird sense of pride in using horrible tools. true, using your homemade chainsaw without eye or hand protection probably raises your self-worth, but it doesn't help those maimed by the parts flying around at subsonic speeds

in your own home, you can use whatever you want. the second you publish a new project in C, your fucking fingers need to be chopped off, to prevent damage to those green enough who dared to actually use that

there is *absolutely no reason whatsoever* to leave the sign bit stuff undefined in the standard. there is even less reason to not enable -fwrapv by default in every single compiler that exists. yet, it persists.

(POLYH computes a polynom of arbitrary degree with 128-bit floating-point numbers. surprisingly, they limited the degree to <= 31. guess someone decided it would be inappropriate for the CPU to spend more than a day on a single instruction ...)

it's... systems design 101. don't pretend that remote things are local. don't replace an interface with another one with a much wider range of failure modes without even adding a way to observe those failures